You can no longer ignore TLS

Talk about whatever.
Post Reply
User avatar
Will work for food (Administrator)
Posts: 3022
Joined: Mon Jan 14, 2002 12:48 am
Location: Next Door

You can no longer ignore TLS

Post by Jay »

Hi everyone,

Over the years, the case for a stream being encrypted has been quite poor. Personal data rarely traverses media streams so the argument has always been, if sensitive data is never exchanged why bother? Radio Toolbox's site does utilize TLS because we exchange sensitive data with our users. Your login is sensitive, your application communications are sensitive. TLS is a priority that we take seriously with regard to our services.

However, trends are pushing against the case for unencrypted streams. Browsers are more and more pushing users to look for the lock and from a technical standpoint, users may have difficulty understanding when unencrypted channels are safe vs unsafe. Recently Mozilla has released a new version of Firefox that supports "HTTPS only mode" an opt-in feature which blocks unencrypted communication with a warning screen. Earlier this year, Chrome moved to block allowing unencrypted audio assets to play on TLS websites.

We feel the inevitable environment we are moving to is one in which encryption is no longer something you can ignore. We are currently working to revamp our tools to face this new reality. The Radio Toolbox Desktop app currently has TLS support enabled for streams in beta. Stream Analyzer now supports TLS and will soon be giving more details about the TLS aspect of your streams. On unencrypted streams we are going to convey things in a manner consistent with where browsers are going. Steamcast is currently going through an overhaul to support TLS and we hope to allow you to enable TLS and add or retrieve certificates easily.

It will be ultimately up to you if you want to support TLS in your streams, however we currently recommend that you move to offering this capability as soon as possible.
- Jay
Post Reply